Lessons learned from the “ShadowRay” campaign – the first known attack targeting AI workloads

On March 26, 2024, researchers at application security company Oligo announced the discovery of an active attack campaign targeting vulnerabilities in Ray, a widely used open source artificial intelligence (AI) framework. Ray is an integrated framework for scaling AI and Python applications for a variety of use cases, including enabling distributed workloads and optimizing performance for training, serving, and tuning AI models. The campaign, dubbed “ShadowRay,” is said to be the first observed attack campaign targeting an AI workload, which consists of a set of computational tasks associated with training, deploying, and running AI models and algorithms. This incident allowed attackers to steal credentials, remotely control servers, and corrupt AI models.

Oligo’s discovery not only shows how security vulnerabilities are exploited within AI workloads, but also highlights how threat actors are actively looking for ways to exploit AI. To respond and strengthen cyber resilience, defenders must be prepared to leverage AI’s current cybersecurity applications and exploit its full potential in future applications. The ShadowRay campaign also demonstrates the realization of a number of anticipated AI security risks, reinforcing three key lessons for navigating the ever-evolving AI and cybersecurity landscape.

1. Cybersecurity must be prioritized throughout the AI lifecycle.

The ShadowRay incident highlights the importance of proactively incorporating comprehensive traditional cybersecurity measures throughout the AI lifecycle. By exploiting the CVE-2023-48022 vulnerability, attackers have demonstrated the ability to bypass the need for authentication, tamper with AI models, and gain unauthorized access to sensitive data. Exploitation of this vulnerability could also compromise the integrity of AI systems during critical training and deployment phases, realizing some of the fears that researchers have long raised about the security vulnerabilities that AI can introduce and amplify. In this way, ShadowRay also demonstrates the importance of being prepared to defend against both traditional and emerging security risks within AI infrastructure.

2. Cybersecurity is a shared responsibility.

Ray’s widespread use by thousands of companies, including Amazon, Microsoft Azure, Spotify, LinkedIn, Uber, and OpenAI, demonstrates how AI systems are inherently interconnected and therefore how cybersecurity is a shared responsibility. Ray’s ubiquity means that vulnerabilities discovered and exploited within a Ray cluster can expose all users and associated platforms to potential compromise. This interconnectedness means that the security practices (or lack thereof) of one organization or individual can have far-reaching effects.

In other words, the ShadowRay campaign serves as a sobering reminder that everyone has a role to play in strengthening our collective cybersecurity defenses. Good cyber hygiene practices, such as using a password manager and implementing timely patch management, are simple tasks that everyone can and should do. Users should also regularly follow best practices and guidance issued by developers, especially after incidents like ShadowRay. By taking a collective approach to cybersecurity, with every individual and organization proactively applying robust cybersecurity practices, we can make our AI systems more resilient to existing and emerging security threats.

3. Information sharing and collaboration remain essential to building cyber resilience.

The ShadowRay campaign highlights the importance of information sharing and collaboration in building cyber resilience. In November 2023, following the discovery of five vulnerabilities in Ray, Ray’s developer, Anyscale, released a blog post with guidance for users and fixes for the identified vulnerabilities. This open communication allowed Oligo researchers to identify an active attack targeting CVE-2023-48022. CVE-2023-48022 did not have a patch at the time due to ongoing controversy among developers about its potential risks.

This series of events highlights the need for information sharing and collaboration across all levels of the cybersecurity ecosystem, and the effective incident response that results from such partnerships. However, the controversy over the scope of the risk posed by this vulnerability, and over whether Anyscale should have enforced authentication before the ShadowRay incident, has raised questions about the challenges of reaching consensus on security priorities, and underscores the importance of ongoing learning and of being prepared to adapt strategies in response to new insights and threats. AI experts are often not security experts, so collaboration between experts on both sides is essential.

As we navigate the ever-changing realm of cybersecurity and emerging technologies, where clear-cut answers are rare, our strength lies in learning from each incident, fostering constructive discussions around best practices and solutions, and adopting an agile, multi-stakeholder approach. This strategy not only protects your current digital ecosystem, but also allows you to develop advanced solutions that help you maintain an edge against potential security threats.
